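# NixOS VM test for the MinIO module: boots one machine with services.minio
# enabled, writes the root credentials file after boot, then round-trips an
# object through the server twice -- first over plain HTTP, then over TLS with
# a self-signed certificate -- using both `mc` and the Python `minio` client.
#
# NOTE(review): every secret in this file (root access/secret key, TLS private
# key) is a throwaway fixture. They are interpolated into store paths built by
# writeText/writeScript/runCommand, and the Nix store is world-readable, so
# none of this is a pattern to copy for a real deployment; there the file named
# by rootCredentialsFile should be provisioned outside the store.
{ pkgs, ... }:
let
  # Self-signed RSA-4096 / SHA-256 certificate valid for 365 days, with
  # CN=minio and a subjectAltName of DNS:localhost. `-nodes` leaves the private
  # key unencrypted, and both files are copied into $out (a store path).
  tls-cert = pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
    openssl req \
      -x509 -newkey rsa:4096 -sha256 -days 365 \
      -nodes -out cert.pem -keyout key.pem \
      -subj '/CN=minio' -addext "subjectAltName=DNS:localhost"

    mkdir -p $out
    cp key.pem cert.pem $out
  '';

  # Fixed test-only root credentials; they are reused below in the credentials
  # file, in the Python client script and on the `mc alias set` command lines.
  accessKey = "BKIKJAA5BMMU2RHO6IBB";
  secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";

  # Python client that uploads 'Test from Python' as test-bucket/test.txt to
  # localhost:9000. Passing `tls` as the first argument switches the client to
  # HTTPS (secure=True).
  # NOTE(review): cert_check=False is set unconditionally, so the TLS run does
  # not validate the server certificate even though the generated certificate
  # carries a matching subjectAltName for localhost.
  minioPythonScript = pkgs.writeScript "minio-test.py" ''
    #! ${pkgs.python3.withPackages (ps: [ ps.minio ])}/bin/python
    import io
    import os
    import sys
    from minio import Minio

    if len(sys.argv) > 1 and sys.argv[1] == 'tls':
      tls = True
    else:
      tls = False

    minioClient = Minio('localhost:9000',
                  access_key='${accessKey}',
                  secret_key='${secretKey}',
                  secure=tls,
                  cert_check=False)
    sio = io.BytesIO()
    sio.write(b'Test from Python')
    sio.seek(0, os.SEEK_END)
    sio_len = sio.tell()
    sio.seek(0)
    minioClient.put_object('test-bucket', 'test.txt', sio, sio_len, content_type='text/plain')
  '';

  # Path on the test machine that services.minio is pointed at for its root
  # credentials. The file does not exist at boot; the test script copies it in.
  rootCredentialsFile = "/etc/nixos/minio-root-credentials";

  # Environment-style credentials file holding both root variables.
  credsFull = pkgs.writeText "minio-credentials-full" ''
    MINIO_ROOT_USER=${accessKey}
    MINIO_ROOT_PASSWORD=${secretKey}
  '';
in
{
  name = "minio";
  meta = with pkgs.lib.maintainers; {
    maintainers = [
      bachp
      ryan4yin
    ];
  };

  nodes = {
    machine =
      { pkgs, ... }:
      {
        services.minio = {
          enable = true;
          inherit rootCredentialsFile;
        };
        environment.systemPackages = [ pkgs.minio-client ];

        # Minio requires at least 1GiB of free disk space to run.
        virtualisation.diskSize = 4 * 1024;

        # Minio pre allocates 2GiB of memory, reserve some more
        virtualisation.memorySize = 4096;
      };
  };

  # Test driver script. Two legs against the same service on port 9000:
  #   1. plain HTTP, after the credentials file has been copied into place;
  #   2. HTTPS, after the service is stopped, the key pair is copied to
  #      /var/lib/minio/certs/{public.crt,private.key}, and it is started again.
  # NOTE(review): in the TLS leg the bucket commands run `mc --insecure` and the
  # Python client runs with cert_check=False, so the leg shows that the server
  # serves TLS with the installed key pair but never exercises certificate
  # validation. `mc alias set` also receives the access and secret key as
  # command-line arguments, which is tolerable only because they are fixtures.
  testScript = ''

    start_all()
    # simulate manually editing root credentials file
    machine.wait_for_unit("multi-user.target")
    machine.copy_from_host("${credsFull}", "${rootCredentialsFile}")

    # Test non-TLS server
    machine.wait_for_unit("minio.service")
    machine.wait_for_open_port(9000)

    # Create a test bucket on the server
    machine.succeed(
        "mc alias set minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4"
    )
    machine.succeed("mc mb minio/test-bucket")
    machine.succeed("${minioPythonScript}")
    assert "test-bucket" in machine.succeed("mc ls minio")
    assert "Test from Python" in machine.succeed("mc cat minio/test-bucket/test.txt")
    machine.succeed("mc rb --force minio/test-bucket")
    machine.systemctl("stop minio.service")

    # Test TLS server
    machine.copy_from_host("${tls-cert}/cert.pem", "/var/lib/minio/certs/public.crt")
    machine.copy_from_host("${tls-cert}/key.pem", "/var/lib/minio/certs/private.key")

    machine.systemctl("start minio.service")
    machine.wait_for_unit("minio.service")
    machine.wait_for_open_port(9000)

    # Create a test bucket on the server
    machine.succeed(
        "mc alias set minio https://localhost:9000 ${accessKey} ${secretKey} --api s3v4"
    )
    machine.succeed("mc --insecure mb minio/test-bucket")
    machine.succeed("${minioPythonScript} tls")
    assert "test-bucket" in machine.succeed("mc --insecure ls minio")
    assert "Test from Python" in machine.succeed("mc --insecure cat minio/test-bucket/test.txt")
    machine.succeed("mc --insecure rb --force minio/test-bucket")

    machine.shutdown()
  '';
}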